* CVSS2: 7.5 High
* Access Vector: NETWORK
* Access Complexity: LOW
* Authentication: NONE
* Confidentiality Impact: PARTIAL
* Integrity Impact: PARTIAL
* Availability Impact: PARTIAL
* Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
* EPSS: 0.031 Low
* Percentile: 89.7%

Andrew Archibald discovered that the last update to squirrelmail, which
was intended to fix several problems, caused a regression which got
exposed when the user hits a session timeout. For completeness, below
is the original advisory text:
>
> Several vulnerabilities have been discovered in Squirrelmail, a
> commonly used webmail system. The Common Vulnerabilities and
> Exposures project identifies the following problems:
>
> * CAN-2005-0104
> Upstream developers noticed that an unsanitised variable could
> lead to cross site scripting.
>
> * CAN-2005-0152
> Grant Hollingworth discovered that under certain circumstances URL
> manipulation could lead to the execution of arbitrary code with
> the privileges of www-data. This problem only exists in version
> 1.2.6 of Squirrelmail.
>
For the stable distribution (woody) these problems have been fixed in
version 1.2.6-3.
For the unstable distribution (sid) the problem that affects unstable
has been fixed in version 1.4.4-1.
We recommend that you upgrade your squirrelmail package.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | squirrelmail | eq | 1:1.2.6-1.4 |
| | squirrelmail | eq | 1:1.2.6-2 |